ClamAV out of date - The right way to update without crashing ISPconfig3

Discussion in 'Installation/Configuration' started by danhansen@denmark, Mar 20, 2013.

  1. danhansen@denmark

    danhansen@denmark New Member

    Hi,

    First of all, sorry for posting some threads in the wrong place. Thought questions regarding ISPConfig 3 were to be posted at "HOWTO-Related Questions" and/or "Server Operation". Sorry about that :eek:

    I have an Ubuntu Server 10.04 with ISPConfig3 installed. I am getting warnings regarding ClamAV. Please look at this:

    From FreshClamLog:
    Wed Mar 20 07:03:37 2013 -> Received signal: wake up
    Wed Mar 20 07:03:37 2013 -> ClamAV update process started at Wed Mar 20 07:03:37 2013
    Wed Mar 20 07:03:37 2013 -> WARNING: Your ClamAV installation is OUTDATED!
    Wed Mar 20 07:03:37 2013 -> WARNING: Local version: 0.97.6 Recommended version: 0.97.7
    Wed Mar 20 07:03:37 2013 -> DON'T PANIC! Read http://www.clamav.net/support/faq
    Wed Mar 20 07:03:37 2013 -> main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
    Wed Mar 20 07:03:37 2013 -> daily.cld is up to date (version: 16876, sigs: 980232, f-level: 63, builder: guitar)
    Wed Mar 20 07:03:37 2013 -> bytecode.cvd is up to date (version: 214, sigs: 41, f-level: 63, builder: neo)
    Wed Mar 20 07:03:41 2013 -> --------------------------------------


    I read this old thread, answered by Falko http://www.howtoforge.com/forums/archive/index.php/t-50464.html, regarding just this - but there are some additional warnings which I have inserted below:

    Mail-Error-Log
    Data from: 2013-03-20 07:15
    Mar 17 06:56:25 webserver1 amavis[1668]: (01668-01) (!!)WARN: all primary virus scanners failed, considering backups
    Mar 18 06:28:01 webserver1 amavis[1669]: (01669-01) (!!)WARN: all primary virus scanners failed, considering backups
    Mar 18 16:05:18 webserver1 amavis[1668]: (01668-02) (!!)WARN: all primary virus scanners failed, considering backups


    So how do we "Update"? Is the Virus Database being updated still/automatic? And do we get the "Upgrade" with the Ubuntu Release Upgrade?

    A few other Alarms in the Monitor Area:

    ISPConfig Cron - Log
    Data from: 2013-03-20 07:35
    [...]PHP Warning: mysqli::escape_string(): Couldn't fetch db in /usr/local/ispconfig/server/lib/classes/db_mysql.inc.php on line 215
    PHP Warning: mysqli::escape_string(): Couldn't fetch db in /usr/local/ispconfig/server/lib/classes/db_mysql.inc.php on line 215
    [...]


    and additional warnings in:

    RKHunter Log
    Fail2Ban Log


    Are these warnings to be taken a little lightly? Not so serious?
    How do you "reset" the logs or delete them? And if deleted, will the file self generate?

    Looking forward to any kind of response

    Kind Regards,
    DanHansen@Denmark
     
  2. florian030

    florian030 HowtoForge Supporter

    Hi,

    This has nothing to do with your Clamd-Version or the database-version.

    Amavis can't reach clamd as defined in @av_scanners. Make sure that the clamd is running and the socket-file in your amavis-config for the @av_scanners matches the LocalSocket defined in your clamd.conf
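
The check described in the reply above, as an added example that is not part of the original post: it compares the clamd `LocalSocket` with the socket in the amavis `ClamAV-clamd` entry and can probe the daemon with clamd's `PING` command. The sample configs are constructed; on Ubuntu the real files are assumed to be `/etc/clamav/clamd.conf` and `/etc/amavis/conf.d/15-av_scanners`.

```python
import re
import socket

# Constructed sample configs (Debian/Ubuntu-style entry); the paths differ on purpose.
CLAMD_CONF = """\
LocalSocket /var/run/clamav/clamd.ctl
User clamav
"""
AMAVIS_CONF = r"""
@av_scanners = (
 ['ClamAV-clamd',
   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamd.amavisd/clamd.sock"],
   qr/\bOK$/m, qr/\bFOUND$/m ],
);
"""

def clamd_local_socket(conf_text):
    """Return the LocalSocket path from clamd.conf text, or None."""
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2 and parts[0] == "LocalSocket":
            return parts[1].strip()
    return None

def amavis_clamd_socket(conf_text):
    """Return the socket path of the ClamAV-clamd @av_scanners entry, or None."""
    active = "\n".join(l for l in conf_text.splitlines()
                       if not l.lstrip().startswith("#"))
    m = re.search(r'ClamAV-clamd.*?ask_daemon\s*,\s*\[\s*"[^"]*"\s*,\s*"([^"]+)"',
                  active, re.S)
    return m.group(1) if m else None

def sockets_match(clamd_text, amavis_text):
    """True only when both files name the same socket path."""
    a, b = clamd_local_socket(clamd_text), amavis_clamd_socket(amavis_text)
    return a is not None and a == b

def clamd_ping(path, timeout=3.0):
    """True if a daemon on the UNIX socket answers clamd's PING with PONG."""
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(path)
            s.sendall(b"PING\n")
            return s.recv(16).strip() == b"PONG"
    except OSError:
        return False

if __name__ == "__main__":
    print(clamd_local_socket(CLAMD_CONF), amavis_clamd_socket(AMAVIS_CONF), sockets_match(CLAMD_CONF, AMAVIS_CONF))
```

To use it on a server, pass the contents of the two real files instead of the samples and run `clamd_ping()` as a user that is allowed to open the socket (the amavis user is the one that matters).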
     
  3. till

    till Super Moderator

    There is nothing to be updated as your clamav signatures are up to date:

    Wed Mar 20 07:03:37 2013 -> main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
    Wed Mar 20 07:03:37 2013 -> daily.cld is up to date (version: 16876, sigs: 980232, f-level: 63, builder: guitar)
    Wed Mar 20 07:03:37 2013 -> bytecode.cvd is up to date (version: 214, sigs: 41, f-level: 63, builder: neo)

    It's described in the faq of clamav and ispconfig that the Outdated warning can be ignored as it does not mean that your antivirus signatures are not up to date.
     
  4. danhansen@denmark

    danhansen@denmark New Member

    Hi Florian & Till,

    Thanks for your help guys ;)
    I will look into the faq of clamav, just wanted confirmation from the pro's

    Thanks
    Kind Regards,
    Dan Hansen
     
  5. Hairy

    Hairy New Member

    It is true that your signatures are up to date. However, your antivirus program IS out of date. Keeping your signatures up to date, does not keep your antivirus program up to date.

    To update your antivirus program, ssh to your server as root and type the following:

    Code:
    freshclam
    It will take a little bit of time to show up in the ISPConfig log panel. When it does show up, you will now see a green background around the data that is shown on the 'show overview' screen. YAY!
     
  6. florian030

    florian030 HowtoForge Supporter

    No. Freshclam updates the signatures and never clamd.
    Usually freshclam runs every x hours - depends on your freshclam.conf
     
  7. Hairy

    Hairy New Member

    I apologize. :D

    The correct way to update the antivirus program is:
    Code:
    yum update clamav
    Then to update signatures:
    Code:
    freshclam
    The freshclam is usually set up to update the signatures automatically.
     
